Study on Cloud Computing in Arab States: Legal and Legislative
Total Page:16
File Type:pdf, Size:1020Kb
International Telecommunication Union Cloud Computing in Arab States: Legal and Legislative Aspects, Facts and Horizons International Telecommunication Union Report By: Dr. Janane EL-KHOURY Beirut, December 30, 2015 PLAN Executive Summary ……………………………………………………………………………….. 3 Introduction …………………………………………………………………………………………… 4 Part I: Cloud Computing …………………………………………………………………………. 6 Clause I: Practical Challenges and Legal Issues Raised in Arab States 7 Clause II: Legislative and Regulatory Situation Exclusively in Arab States 9 1. Jordan ……………………………………………………………………………………………………….. 12 2. United Arab Emirates (UAE) ………………………………………………………………………. 13 3. Bahrain ……………………………………………………………………………………………………… 16 4. Algeria ………………………………………………………………………………………………………. 17 5. Kingdom Saudi Arabia (KSA) ………………………………………………………………………. 17 6. Sudan ……………………………………………………………………………………………………….. 18 7. Somalia …………………………………………………………………………………………………….. 18 8. Iraq …………………………………………………………………………………………………………… 19 9. Kuwait ……………………………………………………………………………………………………… 19 10. Morocco …………………………………………………………………………………………………… 20 11. Yemen ………………………………………………………………………………………………………. 22 12. Tunisia ……………………………………………………………………………………………………… 22 13. Comoros …………………………………………………………………………………………………… 24 14. Djibouti …………………………………………………………………………………………………….. 24 15. Sultanate of Oman ……………………………………………………………………………………. 24 16. Syria ………………………………………………………………………………………………………….. 25 17. Palestine …………………………………………………………………………………………………… 26 18. Qatar ………………………………………………………………………………………………………… 27 19. Lebanon ……………………………………………………………………………………………………. 29 20. Libya ………………………………………………………………………………………………………… 30 21. Egypt ……………………………………………………………………………………………………….. 31 22. Mauritania ………………………………………………………………………………………………. 32 Part II: Best Practices of the Cloud Computing Legislative Framework: Comparative Study34 Clause I: United Nations, ITU and Cloud Computing …………………………………………………………. 35 Clause II: The European Union’s Leading Role …………………………………………………………….. 35 Clause III Western Local Legislations …………………………………………………………………….. 38 Clause IV Legal Standards, Regulations and Legal Suggestions …………………………….. 39 Contractual Aspect of the Cloud Computing Legislative Framework ……………………………… 40 Suggestions and Standards …………………………………………………………………………………………….. 40 National Sovereignty, Cloud Computing Security and Cross-border security Challenges 43 Regional Coordination and Cooperation between Arab States…………………………………………. 46 Arab Safe Harbor Agreement ………………………………………………………………………………………….. 47 Conclusion and Proposals ………………………………………………………………………………………………….48 Bibliography…………………………………………………………………………………………………………………… 52 2 Executive Summary This study aims at reviewing the legal and legislative aspects of cloud computing in the Arab States facts and horizons, and the multi-faced issues it raises - legislative, executive, administrative, technical and practical, in addition to other issues such as cloud computing security, data protection, processing and transfer, apps security and identity management system. The legal aspect of cloud computing is basically tridimensional: the functional and technical dimension, the legal dimension and the contractual dimension. Therefore, it is important to discuss whether there is an official (local and regional) Arab vision to set up a digital infrastructure for integration into the international digital environment, especially considering several concerns over such service in the Arab States mainly related to data security; Internet violation or weak Internet-based services; environmental concerns; contracts of adhesion imposed by the service providers which impede the movement of data, procurement of services and functioning applications. These concerns cause the Arab region to lag behind in this domain. Other legal, objective and procedural issues have also been raised, from the extent of cooperation among Sates, mainly on technical issues; the extent of cooperation among the local competent ministries; the cooperation between the public and private sectors; the financial cost for the Arab States for the integration to cloud computing; capacity building in Arab States and an academic university major, the raising of public awareness and the dissemination of a national and regional culture of cloud computing. However, what matters the most is the issue of sovereignty over databases. In fact, there are contractual challenges and several concerns particularly about where to keep the data and by what legislation should it be covered. To discuss all these issues, it is important to review and update the legislative framework of cloud computing in the Arab region in general, and at the national level for the 22 Arab States (Jordan, United Arab Emirates (UAE), Bahrain, Algeria, Kingdom of Saudi Arabia (KSA), Kuwait, Tunisia, Comoros, Djibouti, Syria, Sudan, Somalia, Iraq, Sultanate of Oman, State of Palestine, Qatar, Lebanon, Libya, Egypt, Morocco, Mauritania and Yemen), by studying the following points, mainly: the concept of cloud computing; the legal, technical, administrative, political and practical risks; and best practices in cloud computing (the European Union and US experiences). Suggestions and recommendations such as an Arab Safe Harbor are presented, as well as the active role of the ITU, with the conclusion including some findings and proposals with a focus on the future. 3 Introduction Every human generation has its own stake, around which all organizations, negotiations and structure of the aligning of balanced international relations, directly or indirectly, revolve. Today, the globalization of technology has primary influence on the development of the global society, and its major production is what is known today as cloud computing. Cloud computing is considered as one of the greatest technological transformations and breakthroughs in the world, offering many long-term and large-scale services on the web, particularly services related to data storage, backup, networks, cybersecurity, management systems, data transmission, use and development of software, creation of job opportunities, and the development of the ICT industry. On the other hand, cloud computing creates lots of challenges in the Arab States in general, and in every single country in particular, mostly at the legislative, executive, administrative, technical and practical levels, in addition to the loss of data control1, and the efforts necessary to ensure that the operations of cloud computing are in line with the existing local and regional legal regulations and rules2. Also to be considered are other issues such as cloud computing security, data protection, processing and transmission, application security, material security and identity management system. The legal aspect of cloud computing is located in three dimensions: functional and technical, legal and contractual. This is why many international organizations that are watching over security and evolution of the international community - including the ITU - are working to find new technical, legal, administrative and practical frameworks for cloud computing, in order to assure privacy of the personal data that may belong to individuals, companies and countries, by reconsidering the current situation at the national level and the applicable rules related to the cloud computing. Internationally speaking, the world is currently oriented towards cloud computing services. Several countries, particularly the developed ones, such as the United States, the European Union countries and China, elaborated national strategies and policies aimed at taking benefit from cloud computing services, particularly at regulating their relations with large corporations which requires an extended infrastructure, local data centers, in addition to small and medium sized enterprises. In the Arab States, the international reports3 show an annual constant cloud computing usage growth. Therefore, it is important to discuss its status in these States, and whether there is an official Arab (national and regional) vision to lay a digital infrastructure for the integration into the continuously and fast changing digital world. Considering the several concerns about such service in the Arab States, related to the information security, the information safety for governmental data, the breakage of the Internet service or the non-adequacy of the services in addition to the environmental concerns, the adherence contracts imposed by the service providers on the local clients, or the sudden ban imposed by the companies on the Software as (SaaS) services, or the Platform as (PaaS) service, or the Infrastructure as 4 (IaaS) service, which hampers the movement of data, procurement of services and functioning of applications and thus keeps the Arab region backward in this area. There are also several legal, objective and procedural difficulties4, the question of the extent of cooperation amongst these States, mainly technical problems5, the extent of cooperation amongst the national competent ministries, the cooperation between the public and private sectors, the financial costs of engagement of the Arab States in the cloud computing world, the issue of specialized capacity building in the Arab States and a specialized academic college, the public awareness, and the spread of a national and regional culture of cloud computing. Still the most important issue is related to the national sovereignty over the databases6. There are contractual challenges and concerns especially concerning by what legislation should data